Advertisement

Education and Information Technologies

, Volume 24, Issue 6, pp 3619–3643 | Cite as

Supporting cybersecurity education and training via LMS integration: CyLMS

  • Razvan BeuranEmail author
  • Dat Tang
  • Zheyu Tan
  • Shinobu Hasegawa
  • Yasuo Tan
  • Yoichi Shinoda
Article
  • 103 Downloads

Abstract

Cybersecurity education and training are being conducted on an ever-increasing scale, as most organizations need to improve their readiness in dealing with the more and more frequent cyberattacks. However, most systems used for such education and training purposes are built from scratch, are highly customized, and often proprietary. This is true especially for complex activities that include hands-on practice, such as Capture The Flag (CTF) competitions and realistic cyber range training. Moreover, the specificities of these platforms create an important overhead, both for instructors, who need to develop training content and learn how to use them, and also for trainees, who need to each time adjust to a different platform. In this paper, we present our approach of integrating cybersecurity training activities, both for technical and awareness training, with Learning Management Systems (LMSs). In particular, our system—named CyLMS—provides integration from content point of view with most LMSs through the use of the SCORM format for packaging the training content. Moreover, additional CyLMS modules make possible a tighter integration with the Moodle LMS, a widely-used e-learning platform, for tasks such as automatic activity management and hands-on environment access. In this way, both instructors and trainees benefit from standard interfaces for checking the training content, answering questions, managing the results, etc. The paper includes an evaluation of CyLMS from a functionality, user and performance perspectives that demonstrates its applicability to actual training activities. While so far we have only used CyLMS in the cybersecurity context, the platform is sufficiently generic to be applied to other education activities, as a learning content management tool that facilitates training content creation and sharing.

Keywords

Cybersecurity education Learning content management Learning management system Hands-on training Cyber range 

Notes

Acknowledgements

The authors would like to thank Muhammad Harith bin Noor Azam for the initial implementation of content management via moosh, and Masanori Sunagawa for the prototype implementation of remote desktop access via noVNC. This work was supported by JSPS KAKENHI Grants Number 17K00478 and 17K00479.

References

  1. Advanced Distributed Learning (ADL) Initiative: SCORM Overview. https://www.adlnet.gov/scorm.
  2. Alario-Hoyos, C., Bote-Lorenzo, M.L., Gomez-Sanchez, E., Asensio-Perez, J.I., Vega-Gorgojo, G., Ruiz-calleja, A. (2013). GLUE: An architecture for the integration of external tools in Virtual Learning Environments. Computers & Education, 60(1), 122–137.CrossRefGoogle Scholar
  3. Bartnes, M., Moe, N.B., Heegaard, P.E. (2016). The future of information security incident management training: a case study of electrical power companies. Computers & Security, 61(Section C), 32–45.CrossRefGoogle Scholar
  4. Beuran, R., Pham, C., Tang, D., Chinen, K., Tan, Y., Shinoda, Y. (2018). Cybersecurity education and training support system: cyRIS. IEICE Transactions on Information and Systems, E101-D(3), 740–749.CrossRefGoogle Scholar
  5. Beuran, R., Tang, D., Pham, C., Chinen, K., Tan, Y., Shinoda, Y. (2018). Integrated framework for hands-on cybersecurity training: CyTrONE. Computers & Security, 78C, 43–59.CrossRefGoogle Scholar
  6. Brin, S., & Page, L. (1998). The anatomy of a large-scale hypertextual Web search engine. Computer Networks and ISDN Systems, 30(1–7), 107–117.CrossRefGoogle Scholar
  7. Cyber Range Organization and Design (CROND). GitHub Repository for CyLMS. https://github.com/crond-jaist/cylms.
  8. DBpedia Association: DBpedia Website. https://wiki.dbpedia.org/.
  9. Evans, C. (2017). The Official YAML Website. http://www.yaml.org/.
  10. Ghiglieri, M., & Stopczynski, M. (2016). Seclab: an innovative approach to learn and understand current security and privacy issues. In Proceedings of the 17th Annual Conference on Information Technology Education (SIGITE ‘16) (pp 67–72).Google Scholar
  11. IMS Global Learning Consortium: Learning Tools Interoperability Website. http://www.imsglobal.org/activity/learning-tools-interoperability.
  12. Jeffrey, C. tty.js: A terminal for your browser, using node/express/socket.io. https://github.com/chjj/tty.js/.
  13. Noor Azam, Md.H., & Beuran, R. (2018). Usability evaluation of open source and online capture the flag platforms. Tech. Rep. IS-RR-2018-001 Japan advanced institute of science and technology (JAIST).Google Scholar
  14. Muras, T. Moosh Official Website. https://moosh-online.com/.
  15. National Institute of Information and Communications Technology, Japan: Cyber Defense Exercise with Recurrence (CYDER) (in Japanese). https://cyder.nict.go.jp/.
  16. noVNC Development Team. noVNC: HTML VNC Client Library and Application. https://github.com/novnc/noVNC.
  17. Sancristobal, E., Castro, M., Harward, J., Baley, P., DeLong, K., Hardison, J. (2010). Integration view of web labs and learning management systems. In Proceedings of IEEE EDUCON 2010 Conference (pp. 1409–1417).Google Scholar
  18. SANS Institute: SANS NetWars Training Courses. https://www.sans.org/netwars/.
  19. Scarfone, K., Souppaya, M., Cody, A., Orebaugh, A. (2008). National institute of standards and technology – technical guide to information security testing and assessment.Google Scholar
  20. Soceanu, A., Vasylenko, M., Gradinaru, A. (2017). Improving cybersecurity skills using network security virtual labs. In: Proceedings of International MultiConference of Engineers and Computer Scientists (IMECS 2017).Google Scholar
  21. Tan, Z., Hasegawa, S., Beuran, R. (2018). Concept map building from linked open data for cybersecurity awareness training. In Proceedings of the Japanese society for artificial intelligence (JSAI) special interest group on advanced learning science and technology workshop (SIG-ALST83) (pp. 1–6).Google Scholar
  22. Tang, D., Pham, C., Chinen, K., Beuran, R. (2017). Interactive cybersecurity defense training inspired by web-based learning theory. In Proceedings of the IEEE 9th international conference on engineering education (ICEED 2017) (pp. 103–108).Google Scholar
  23. The Moodle Project: AIKEN Format. https://docs.moodle.org/en/Aiken_format.
  24. The Moodle Project: GIFT Format. https://docs.moodle.org/en/GIFT_format.
  25. The Moodle Project: Moodle XML Format. https://docs.moodle.org/en/Moodle_XML_format.
  26. Web Application Security Forum: Hardening Project (in Japanese). https://wasforum.jp/hardening-project/ https://wasforum.jp/hardening-project/.
  27. Woo, Y., & Reeves, T.C. (2007). Meaningful interaction in web-based learning: a social constructivist interpretation. The Internet and Higher Education, 10(1), 15–25.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Japan Advanced Institute of Science and TechnologyNomiJapan
  2. 2.Delivion GmbHMülheim an der RuhrGermany

Personalised recommendations